Description

PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.

Remediation

References

CVE-2015-4601

Related Vulnerabilities

WordPress Plugin HUSKY-Products Filter Professional for WooCommerce SQL Injection (1.3.6)

Drupal Core 9.2.x Security Bypass (9.2.0 - 9.2.12)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.22)

Apache HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-6388)

WordPress Plugin Social Sharing Toolkit Cross-Site Scripting (2.1.1)

Severity

Critical

Classification

CVE-2015-4601 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities